From: rossini@blindglobe.net (A.J. Rossini)
Newsgroups: gmane.emacs.gnus.general
Subject: Re: trying to deal with an smtp server that wants encryption
Date: Thu, 22 Jan 2004 23:31:27 -0800
Message-ID: <85ektr9l4g.fsf@servant.blindglobe.net>
References: <85k73j9m5p.fsf@servant.blindglobe.net> <2184.217.208.174.213.1074842370.squirrel@217.208.174.213>
Reply-To: rossini@u.washington.edu
Original-To: "Simon Josefsson"
Cc: ding@gnus.org
In-Reply-To: <2184.217.208.174.213.1074842370.squirrel@217.208.174.213> (Simon Josefsson's message of "Fri, 23 Jan 2004 08:19:30 +0100 (CET)")
User-Agent: Gnus/5.1003 (Gnus v5.10.3) XEmacs/21.4 (Reasonable Discussion, linux)

"Simon Josefsson" writes:

>> (the *.pem files (key and cert) self-cert'd, I don't think I need
>> them?)
>
> Right. Unless the server requires them, or you want to use X.509
> authentication (but keep in mind that starttls '-verify' doesn't really do
> anything, it doesn't verify the server certificate, AFAICT).
>
>> Using gnutls-cli, I actually get feedback in the *trace* file that I'm
>> doing something right, but it times out and closes. Using starttls,
>> it never really starts the TLS handshake.
>
> Can you post the output in the *trace... buffer?

Done.

> Also try 'gnutls-cli -s mailserver -p 25' and type 'STARTTLS\n' followed
> by ^D to initiate TLS, followed by 'EHLO foo', to verify that gnutls-bin
> works.

And done.

500$ gnutls-cli -s smtp.washington.edu -p 25
Resolving 'smtp.washington.edu'...
Connecting to '140.142.33.9:25'...

- Simple Client Mode:

220 smtp.washington.edu ESMTP Sendmail 8.12.10+UW03.09/8.12.10+UW03.09; Thu, 22 Jan 2004 23:23:00 -0800
STARTTLS
220 2.0.0 Ready to start TLS
*** Starting TLS handshake
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches 'smtp.washington.edu'.
 # valid since: Thu Jan 23 12:44:00 PST 2003
 # expires at: Sun Feb  8 15:10:00 PST 2004
 # serial number: 09 d4 97
 # fingerprint: 63 12 43 fc 7d 49 f1 c0 5d 75 99 0a 7b de 4d 51
 # version: #3
 # public key algorithm: RSA
 #   Modulus: 1024 bits
 # Subject's DN: C=US,ST=Washington,L=Seattle,O=University of Washington,OU=NDC,CN=smtp.washington.edu
 # Issuer's DN: C=ZA,ST=Western Cape,L=Cape Town,O=Thawte Consulting cc,OU=Certification Services Division,CN=Thawte Server CA,EMAIL=server-certs@thawte.com

- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: RSA
- Cipher: ARCFOUR 128
- MAC: SHA
- Compression: NULL
EHLO foo
250-smtp.washington.edu Hello sense-sea-MegaSub-2-231.oz.net [216.39.172.231], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE 60000000
250-ETRN
250-AUTH GSSAPI PLAIN LOGIN
250-DELIVERBY
250 HELP

So it looks good so far.

BUT, with gnutls-cli, I'm getting a *Backtrace*:

Signaling: (invalid-regexp "Invalid preceding regular expression")
  re-search-forward("*** Handshake has failed" nil t)
  starttls-negotiate(#)
  byte-code("..." [host n name supported-extensions process response-code get-buffer-create format "*trace of SMTP session to %s*" erase-buffer smtpmail-open-stream throw done nil set-process-filter smtpmail-process-filter featurep mule file-coding set-process-coding-system no-conversion-unix make-local-variable smtpmail-read-point smtpmail-read-response 400 t smtpmail-send-command "EHLO %s" smtpmail-fqdn "HELO %s" mapcar # split-string 4 "[ ]" 1 (verb xvrb 8bitmime onex xone expn size dsn etrn enhancedstatuscodes help xusr auth=login auth starttls) message "Unknown extension %s" smtpmail-find-credentials starttls process-id "STARTTLS" starttls-negotiate smtpmail-try-auth-methods onex xone "ONEX" verb xvrb ...] 8)
  smtpmail-via-smtp(("rossini@oz.net") #)
  smtpmail-send-it()
  gnus-agent-send-mail()
  message-send-mail(nil)
  message-send-via-mail(nil)
  message-send(nil)
  message-send-and-exit(nil)
  call-interactively(message-send-and-exit)

and the *trace of SMTP....* buffer looks like:

220 smtp.washington.edu ESMTP Sendmail 8.12.10+UW03.09/8.12.10+UW03.09; Thu, 22 Jan 2004 23:25:07 -0800^M
EHLO stevedallas^M
250-smtp.washington.edu Hello sense-sea-MegaSub-2-231.oz.net [216.39.172.231], pleased to meet you^M
250-ENHANCEDSTATUSCODES^M
250-PIPELINING^M
250-EXPN^M
250-VERB^M
250-8BITMIME^M
250-SIZE 60000000^M
250-ETRN^M
250-AUTH GSSAPI^M
250-STARTTLS^M
250-DELIVERBY^M
250 HELP^M
STARTTLS^M
220 2.0.0 Ready to start TLS^M
*** Starting TLS handshake
- Certificate type: X.509
 - Got a certificate list of 1 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches 'smtp.washington.edu'.
 # valid since: Thu Jan 23 12:44:00 PST 2003
 # expires at: Sun Feb  8 15:10:00 PST 2004
 # serial number: 09 d4 97
 # fingerprint: 63 12 43 fc 7d 49 f1 c0 5d 75 99 0a 7b de 4d 51
 # version: #3
 # public key algorithm: RSA
 #   Modulus: 1024 bits
 # Subject's DN: C=US,ST=Washington,L=Seattle,O=University of Washington,OU=NDC,CN=smtp.washington.edu
 # Issuer's DN: C=ZA,ST=Western Cape,L=Cape Town,O=Thawte Consulting cc,OU=Certification Services Division,CN=Thawte Server CA,EMAIL=server-certs@thawte.com

- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: RSA
- Cipher: ARCFOUR 128
- MAC: SHA
- Compression: NULL
QUIT^M
221 2.0.0 smtp.washington.edu closing connection

Process SMTP killed

BTW, for completeness, I threw back in the ^M's that I'm getting in the trace buffer, which got converted upon cut-and-paste.

best,
-tony

--
rossini@u.washington.edu            http://www.analytics.washington.edu/
Biomedical and Health Informatics   University of Washington
Biostatistics, SCHARP/HVTN          Fred Hutchinson Cancer Research Center
UW (Tu/Th/F): 206-616-7630 FAX=206-543-3461 | Voicemail is unreliable
FHCRC  (M/W): 206-667-7025 FAX=206-667-4812 | use Email

CONFIDENTIALITY NOTICE: This e-mail message and any attachments may be
confidential and privileged. If you received this message in error,
please destroy it and notify the sender. Thank you.
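The security-relevant detail in the traces above is not the Lisp backtrace (XEmacs rejecting the leading `*` in the regexp "*** Handshake has failed" is a client-side bug in starttls.el) but two lines from gnutls-cli: "Peer's certificate issuer is unknown" and "Peer's certificate is NOT trusted", after which the session still went ahead and the server, once TLS was up, started offering the password-carrying AUTH PLAIN and LOGIN mechanisms it had withheld in cleartext. The following is an added example, not code from this thread or from Gnus/smtpmail.el. It parses an ESMTP EHLO reply, applies the policy "no password before a verified STARTTLS", and upgrades the connection with the system CA store and hostname checking enabled so that an unverifiable issuer aborts instead of being shrugged off. The two sample replies are constructed from the EHLO output quoted above; the `host`, `port` and `cafile` parameters of `open_verified_starttls` are assumptions for illustration, and that function does live network I/O so it is not exercised offline.

```python
"""Added example: parse EHLO, gate password AUTH on TLS, and STARTTLS with
certificate verification (the check gnutls-cli above reported as failed and
starttls '-verify' did not perform at all)."""
import smtplib
import ssl

# Constructed samples taken from the two EHLO replies in the thread's trace,
# before and after STARTTLS, with the CRLF line endings the server sends.
EHLO_BEFORE_TLS = (
    "250-smtp.washington.edu Hello sense-sea-MegaSub-2-231.oz.net "
    "[216.39.172.231], pleased to meet you\r\n"
    "250-ENHANCEDSTATUSCODES\r\n250-PIPELINING\r\n250-EXPN\r\n250-VERB\r\n"
    "250-8BITMIME\r\n250-SIZE 60000000\r\n250-ETRN\r\n"
    "250-AUTH GSSAPI\r\n250-STARTTLS\r\n250-DELIVERBY\r\n250 HELP\r\n"
)
EHLO_AFTER_TLS = (
    "250-smtp.washington.edu Hello sense-sea-MegaSub-2-231.oz.net "
    "[216.39.172.231], pleased to meet you\r\n"
    "250-ENHANCEDSTATUSCODES\r\n250-PIPELINING\r\n250-EXPN\r\n250-VERB\r\n"
    "250-8BITMIME\r\n250-SIZE 60000000\r\n250-ETRN\r\n"
    "250-AUTH GSSAPI PLAIN LOGIN\r\n250-DELIVERBY\r\n250 HELP\r\n"
)


def parse_ehlo(reply):
    """Return {EXTENSION: [params...]} from a multi-line 250 EHLO reply.

    The first line carries the server domain and greeting, not an extension,
    so it is skipped.  Old Sendmail also writes mechanisms as "AUTH=LOGIN"
    (the smtpmail backtrace above lists auth=login); that form is folded
    into AUTH.  A line that is not "250-" or "250 " is a protocol error.
    """
    lines = reply.splitlines()
    if not lines or not lines[0].startswith("250"):
        raise ValueError("not a 250 EHLO reply")
    exts = {}
    for i, line in enumerate(lines[1:], start=1):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError("malformed EHLO line: %r" % line)
        if sep == " " and i != len(lines) - 1:
            raise ValueError("reply continues after its final line")
        words = rest.split()
        if not words:
            continue
        name, params = words[0].upper(), [w.upper() for w in words[1:]]
        if name.startswith("AUTH="):
            name, params = "AUTH", [name[5:]] + params
        exts.setdefault(name, []).extend(params)
    return exts


def cleartext_auth_mechanisms(exts):
    """Mechanisms that put the password on the wire merely base64-encoded
    (RFC 4616 PLAIN, the non-standard LOGIN).  Safe only under TLS."""
    return sorted(set(exts.get("AUTH", [])) & {"PLAIN", "LOGIN"})


def may_send_password(exts, tls_active):
    """Policy: a password goes out only after STARTTLS succeeded and the
    post-TLS EHLO actually offers PLAIN or LOGIN."""
    return bool(tls_active) and bool(cleartext_auth_mechanisms(exts))


def open_verified_starttls(host, port=25, cafile=None, timeout=30):
    """Connect, EHLO, insist on STARTTLS, and verify chain and hostname.

    ssl.create_default_context() loads the system CA store (or `cafile`,
    an assumed parameter), turns on hostname checking, and makes
    starttls() raise ssl.SSLCertVerificationError for an issuer it cannot
    verify, which is exactly where gnutls-cli above printed "issuer is
    unknown" and carried on.  Performs network I/O; not run by the test.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    conn = smtplib.SMTP(host, port, timeout=timeout)
    try:
        conn.ehlo()
        if not conn.has_extn("starttls"):
            raise RuntimeError("%s offers no STARTTLS; refusing cleartext" % host)
        conn.starttls(context=ctx)
        # RFC 3207: discard the pre-TLS EHLO and ask again; the server in the
        # trace only adds PLAIN/LOGIN once TLS is up.
        conn.ehlo()
        return conn
    except Exception:
        conn.close()
        raise
```

Running `parse_ehlo` over the two captured replies shows the server's own downgrade defence: STARTTLS is advertised only in the cleartext reply, and PLAIN/LOGIN only in the encrypted one, so `may_send_password` is false until the verified upgrade has happened.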